Huawei netengine80e Configuration Manual
  1. Manuals
  2. Brands
  3. Huawei Manuals
  4. Network Router
  5. Quidway NetEngine80E
  6. Configuration manual
Huawei netengine80e Configuration Manual

Huawei netengine80e Configuration Manual

Hide thumbs Also See for netengine80e:
Table of Contents

Advertisement

Quick Links

Download this manual See also: Configuration Manual
HUAWEI NetEngine80E/40E Router
V600R003C00
Configuration Guide - Basic
Configurations
Issue
02
Date
2011-09-10
HUAWEI TECHNOLOGIES CO., LTD.

Advertisement

Table of Contents
loading

Related Manuals for Huawei netengine80e

Summary of Contents for Huawei netengine80e

  • Page 1 HUAWEI NetEngine80E/40E Router V600R003C00 Configuration Guide - Basic Configurations Issue Date 2011-09-10 HUAWEI TECHNOLOGIES CO., LTD.
  • Page 2 All other trademarks and trade names mentioned in this document are the property of their respective holders. Notice The purchased products, services and features are stipulated by the contract made between Huawei and the customer. All or part of the products, services and features described in this document may not be within the purchase scope or the usage scope.

  • Page 3: About This Document

    This document is intended for: Commissioning Engineer Data Configuration Engineer Network Monitoring Engineer System Maintenance Engineer Symbol Conventions The symbols that may be found in this document are defined as follows. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 4: Command Conventions

    Several items or no item can be selected. &<1-n> The parameter before the & sign can be repeated 1 to n times. A line starting with the # sign is comments. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 5 10.8 Configuring a Working Mode for an LPUF-40 or LPUF-20/21 is added to describe the configuration of service mode for an LPUF-20/21 or LPUF-40. Changes in Issue 01 (2011-06-30) Initial commercial release. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 6: Table Of Contents

    2.5 Configuration Examples...........................23 2.5.1 Example for Running Commands in Batches..................23 2.5.2 Example for Using Tab..........................24 2.5.3 Example for Using Shortcut Keys......................25 2.5.4 Example for Copying Commands Using Shortcut Keys.................25 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 7 4.4.6 Setting User Authentication Mode of the VTY User Interface...............55 4.4.7 (Optional) Configuring NMS Users to Log In Through VTY User Interfaces........56 4.4.8 Checking the Configuration........................58 4.5 Configuration Examples...........................59 4.5.1 Example for Configuring Console User Interface...................59 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 8 5.6.6 Clearing Logged-in Users........................93 5.6.7 Configuring Configuration Locking......................93 5.7 Configuration Examples...........................94 5.7.1 Example for Configuring User Login Through a Console Port..............94 5.7.2 Example for Logging In Through the AUX Port..................97 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 9 6.6.3 Example for Performing File Operations by Means of SFTP...............135 6.6.4 Example for Performing File Operations by Means of Xmodem............137 7 Configuring System Startup....................140 7.1 System Startup Overview..........................141 7.1.1 System Software............................141 Issue 02 (2011-09-10) Huawei Proprietary and Confidential viii Copyright © Huawei Technologies Co., Ltd.
  • Page 10 8.5 Accessing Files on Another Device by Using TFTP..................167 8.5.1 Establishing the Configuration Task.....................167 8.5.2 (Optional) Configuring a Source IP Address for a TFTP Client............168 8.5.3 (Optional) Configuring TFTP Access Authority...................168 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 11 9.1 Introduction of Clock Synchronization Configuration...................230 9.1.1 Overview of Clock Synchronization Configuration................230 9.1.2 Clock Synchronization Supported by the NE80E/40E................230 9.2 Setting Basic Configurations for Clock Synchronization................230 9.2.1 Establishing the Configuration Task.....................231 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 12 10.2 Powering off the MPU..........................256 10.2.1 Establishing the Configuration Task....................256 10.2.2 Powering off the Slave MPU.......................257 10.2.3 Checking the Configuration.........................258 10.3 Powering off the SFU...........................258 10.3.1 Establishing the Configuration Task....................259 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 13 10.11.6 Displaying the Threshold of CPU Usage..................276 10.11.7 Displaying Alarm Information......................276 10.11.8 Displaying the Board Temperature....................277 10.11.9 Displaying the Board Voltage......................277 10.11.10 Displaying the Power Supply Status....................278 10.11.11 Displaying Current Information About Boards................278 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 14 12.3.3 Checking the Configuration.........................305 12.4 Installing a Patch............................306 12.4.1 Establishing the Configuration Task....................306 12.4.2 Loading a Patch...........................307 12.4.3 Activating a Patch..........................307 12.4.4 Running a Patch...........................308 12.4.5 (Optional) Synchronizing Patches.......................308 Issue 02 (2011-09-10) Huawei Proprietary and Confidential xiii Copyright © Huawei Technologies Co., Ltd.
  • Page 15 12.5.2 Deactivating a Patch..........................313 12.5.3 Checking the Configuration.........................313 12.6 Configuration Examples of the Patch Management..................314 12.6.1 Example for Installing a Patch......................314 A Glossary............................317 B Acronyms and Abbreviations....................323 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 16: Logging In To The System For The First Time

    The plug-and-play function enables the router to automatically access the network and obtains an IP address after the router is powered on. This allows engineers to remotely log in to the router to perform basic configurations. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 17: Introduction To Log In To The Device For The First Time

    When the router is powered on for the first time, you need to use the console port to log in to the router to configure and manage the router. Pre-configuration Tasks Before logging in to the router through the console port, complete the following tasks: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 18: Establishing The Physical Connection

    As the router is logged in for the first time, every terminal attribute uses the default value of the router. Procedure Step 1 Start a terminal emulator on the PC, and create a new connection, as shown in Figure 1-1. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 19 Step 2 Set interface,as shown in Figure 1-2. Figure 1-2 Interface setting Step 3 Set communication parameter, same as the default of router,as shown in Figure 1-3. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 20: Logging In To The Router That Supports The Plug-And-Play Function

    1 Logging In to the System for the First Time Figure 1-3 Communication parameter setting Step 4 Press Enter. A command line prompt such as <HUAWEI> appears, and the user view is displayed for you to configure the router. ----End 1.3 Logging In to the router That Supports the Plug-and-Play...
  • Page 21 Run the undo pnp enable command to disable the plug-and-play function. Run the undo pnp default route command to delete the default route generated by the plug-and-play function. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 22: Cli Overview

    2.4 Shortcut Keys Using the system or user-defined shortcut keys makes it easier to enter commands. 2.5 Configuration Examples This section provides several examples for using command lines. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 23: Cli Introduction

    2.1.2 Command Levels The system manages commands in hierarchy for security. The administrator can set user levels corresponding to command levels to implement user-specific access control. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 24 Chapter 4 "Basic Configuration" Configuring Command Levels in the HUAWEI NetEngine80E/40E Configuration Guide - Basic Configurations. NOTE l The default command level may be higher than the command level defined according to the command rules in application.
  • Page 25 Enter a desired command level in the "Type in the word(s) to search for" textbox and click "List Topics". All commands of the specified level will be displayed as shown in Figure 2-2. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 26: Command Line Views

    The following part uses the user, system, and BFD views as an example: # Establish connection to the router. If the router adopts the default configuration, you can enter the user view with the prompt of <HUAWEI>. <HUAWEI> # Run the system-view command to enter the system view.

  • Page 27: Online Help

    NOTE The command prompt "HUAWEI" is the default host name. The prompt indicates a specific view. For example, "<HUAWEI>" indicates the user view, and "[HUAWEI-ui-console0]" indicates the console user interface view. Some commands can be used in both system and other views, but have different effects. For example, the mpls command can be run in the system view to enable MPLS globally or in the interface view to enable MPLS only on this interface.

  • Page 28: Partial Help

    Wrong parameter Parameter type error The parameter value exceeds the limit Incomplete command Incomplete command entered Too many parameters Too many parameters entered Ambiguous command Indefinite parameters entered Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 29: Cli Features

    All command lines have the same displaying feature. You can construct the displaying mode as required. You can control the display of information on the CLI as follows: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 30: Regular Expressions

    "@" in "xxx@xxx.com". Particular characters Particular characters are used together with common characters to match the complex or particular string combination. Table 2-5 describes particular characters and their syntax. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 31 Matches any character within the [0-9] matches any character ranging specified range. from 0 to 9. [^a-z] Matches any character beyond the [^0-9] matches all non-numeric specified range. characters. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 32 Combination of common and particular characters In actual application, a regular expression combines multiple common and particular characters to match certain strings. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 33: Previously-Used Commands

    2 CLI Overview Specifying a Filtering Mode in Command CAUTION The HUAWEI NetEngine80E/40E uses a regular expression to implement the filtering function of the pipe character. A display command supports the pipe character only when there is excessive output information.

  • Page 34: Batch Command Execution

    Step 1 In the user view, run: batch-cmd edit Commands are edited to be executed in batches. batch-cmd edit command can be used by only one user at a time. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 35: Shortcut Keys

    NOTE Different terminal software defines these keys differently. Therefore, the shortcut keys on the terminal may be different from those listed in this section. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 36 The cursor moves upward to the previous line. ESC_SHIFT_< Sets the position of the cursor to the beginning of the clipboard. ESC_SHIFT_> Sets the position of the cursor to the end of the clipboard. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 37: Defining Shortcut Keys

    Run the following command in any view to display the use of shortcut keys. Action Command Check the usage of shortcut keys. display hotkey Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 38: Configuration Examples

    Next startup license file: default Startup patch package: NULL Next startup patch package: NULL <HUAWEI> batch-cmd execute command: display clock 2011-01-27 01:25:24 Thursday Time Zone(DefaultZoneName) : UTC Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 39: Example For Using Tab

    – Input an incorrect keyword and press Tab to check the correctness of the keyword. Input a wrong keyword loglog. [HUAWEI] info-center loglog Press Tab. [HUAWEI] info-center loglog Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 40: Example For Using Shortcut Keys

    No double quotation marks are required for single-word commands. Step 2 Press Ctrl_U when the prompt [HUAWEI] appears. [HUAWEI] display ip routing-table Route Flags: R - relay, D - download to fib...
  • Page 41 <HUAWEI> display ip routing-table NOTE If you press shortcut keys to copy a new command, you can paste only the new command by using shortcut keys. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 42: Basic Configuration

    This section describes how to configure the basic system environment. 3.2 Displaying System Status Messages This section describes how to use display commands to check basic configurations of the current system. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 43: Configuring The Basic System Environment

    Language information (Chinese and English) has been stored in the system software and does not need to be loaded. Do as follows in the user view: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 44: Configuring The Equipment Name

    Step 2 Run: sysname host-name The equipment name is set. By default, the equipment name of the router is HUAWEI. You can change the name of the router that appears in the command prompt. ----End 3.1.4 Setting the System Clock You need to set the system time properly to ensure the cooperation between the NE80E/40E and other devices.

  • Page 45: Configuring A Header

    A header text is a message displayed by the system when and after a user is logging in to the router. If you need to provide information for login users, you can configure a header that the system displays during login or after login. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 46: Configuring Command Levels

    No command lines exist in Level 2 to Level 9 and Level 11 to Level 14. The user can adjust the command lines to these levels separately to refine the management of privilege. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 47: Configuring The Undo Command To Match In The Previous View Automatically

    This may lead to global deletion of the OSPF feature. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 48: Displaying System Status Messages

    Basic configuration are complete. Procedure Run the display version command to display the system version. Run the display clock [ utc ] command to display the system time. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 49: Displaying System Status

    ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 50: Configuring User Interface

    VTY user interface as needed. 4.5 Configuration Examples This section provides examples for configuring console, AUX, and VTY user interfaces. These configuration examples explain networking requirements, configuration roadmap, and configuration notes. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 51: User Interface Overview

    By default, the system supports three types of user interfaces: CON, AUX, and VTY. Table 4-1 shows the absolute numbers of the user interfaces in this system. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 52 In the case of AAA authentication, the command that the user can run is determined by the level of the local user specified in the AAA configuration. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 53: Configuring The Console User Interface

    4.2.2 Setting Physical Attributes of Console User Interface You can configure the rate, flow control mode, parity mode, stop bit, and data bit for the console port. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 54 By default, the value is 1 bit. Step 7 Run: databits { 5 | 6 | 7 | 8 } The data bit is set. By default, the data bit is 8. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 55: Setting Terminal Attributes Of Console User Interface

    Step 6 Run: history-command max-size size-value The history command buffer is set. By default, the size of history command buffer on a user interface is 10 entries. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 56: Configuring User Priority Of Console User Interface

    Configuring the user authentication mode can improve the security of the router. Context By default, the user authentication mode of the console user interface is non-authentication. Procedure Configuring AAA Authentication Run: system-view Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 57 The system view is displayed. Run: user-interface console interface-number The console user interface view is displayed. Run: authentication-mode none The authentication mode is set to non-authentication. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 58: Checking The Configuration

    <HUAWEI> display local-user ---------------------------------------------------------------------------- Username State Type CAR Access-limit Online ---------------------------------------------------------------------------- user123 Active All Active F user1 Active F ---------------------------------------------------------------------------- Total 3,3 printed Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 59: Configuring The Aux User Interface

    4.3.2 Setting Physical Attributes of AUX User Interface Physical attributes of the AUX user interface include the transmission rate, flow control mode, parity mode, stop bit, and data bit of the AUX port. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 60 HyperTerminal should be in accordance with the attributes of the AUX user interface on the router. Otherwise, the user cannot log in to the router. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 61: Setting Terminal Attributes Of Aux User Interface

    The size of the history command buffer is configured. By default, the size of history command buffer on user interface is 10 entries. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 62: Setting User Priority Of Aux User Interface

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: user-interface aux interface-number The AUX user interface view is displayed. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 63: Optional) Configuring Auto-Execute Commands Of Aux User Interface

    Do as follows on the router that the user logs in to: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: user-interface aux 0 The AUX user interface view is displayed. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 64: Setting User Authentication Mode Of Aux User Interface

    { simple | cipher } password Local user and password are configured. Configuring Password Authentication Run: system-view The system view is displayed. Run: user-interface aux interface-number Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 65: Checking The Configuration

    <HUAWEI> display users User-Intf Delay Type Network Address AuthenStatus AuthorcmdFlag AUX 0 00:00:44 pass Username : Unspecified Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 66: Configuring Vty User Interface

    Before configuring VTY user interface, complete the following tasks: Logging in to the router by using a terminal Data Preparation To configure a VTY user interface, you need the following data. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 67: Configuring Maximum Vty User Interfaces

    For example, a maximum of five users are allowed online. To allow 15 VTY users online at the same time, you need to run the authentication-mode command and the set authentication Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 68: Optional)Setting Limit On Incoming And Outgoing Calls Of Vty User Interfaces

    <HUAWEI> system-view [HUAWEI] user-interface maximum-vty 15 [HUAWEI] user-interface vty 5 14 [HUAWEI-ui-vty5-14] authentication-mode password [HUAWEI-ui-vty5-14] set authentication password cipher huawei ----End 4.4.3 (Optional)Setting Limit on Incoming and Outgoing Calls of VTY User Interfaces This section describes how to configure an ACL to limit incoming and outgoing calls of the VTY user interface.

  • Page 69: Setting User Priority Of Vty User Interface

    This section describes how to control users' authority of logging in to the router and improve the security of managing the router by configuring the user priority. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 70: Setting User Authentication Mode Of The Vty User Interface

    By default, the user authentication mode of the VTY user interface is password authentication. Procedure Configuring AAA Authentication Run: system-view The system view is displayed. Run: user-interface vty number1 [ number2 ] The VTY user interface view is displayed. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 71: Optional) Configuring Nms Users To Log In Through Vty User Interfaces

    4.4.7 (Optional) Configuring NMS Users to Log In Through VTY User Interfaces Network Management System (NMS) users can log in to a device through VTY user interfaces to set parameters about the device. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 72 The channels do not support the RSA authentication mode but support the password authentication. Step 8 Run: quit The system view is displayed. Step 9 Run: mmi-mode enable The system is switched to the machine-to-machine mode. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 73: Checking The Configuration

    Maximum of VTY user:15 Run the display user-interface vty [ ui-number1 | ui-number ] [ summary ] command to check the physical attributes and configurations of user interfaces. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 74: Configuration Examples

    In the console user interface view, the user priority is set to 15, and the password authentication mode is set (the password is huawei). After a user logs in, if the user takes no action on the router for more than 30 minutes, the connection between the user and the router is torn down.
  • Page 75 Timeout period for disconnecting from the console user interface: 30 minutes Number of lines that a terminal screen displays: 30 Size of the history command buffer: 20 User priority: 15 User authentication mode: password (password: huawei) Procedure Step 1 Set physical attributes of the console user interface. <HUAWEI> system-view...

  • Page 76: Example For Configuring Aux User Interface

    In the AUX user interface, the user priority is set to 15, and the authentication mode is set to AAA, with the user name of user123 and the password of huawei. After a user logs in, if the user takes no action on the router for more than 30 minutes, the connection between the user and the router is torn down.
  • Page 77 [HUAWEI-ui-aux0] authentication-mode aaa [HUAWEI-ui-aux0] quit [HUAWEI] aaa [HUAWEI-aaa] local-user user123 password simple huawei [HUAWEI-aaa] quit After the AUX user interface is configured, a user in AAA authentication mode can log in to the router through an AUX port, implementing maintenance of the router. For details on how a...

  • Page 78: Example For Configuring Vty User Interface

    In the VTY user interface, the user priority is set to 15, the authentication mode is set to password, with the password of "huawei", and the user with the IP address of 10.1.1.1 is prohibitted from logging in to the router.
  • Page 79 HUAWEI NetEngine80E/40E Router Configuration Guide - Basic Configurations 4 Configuring User Interface User priority: 15 User authentication mode: password, password: huawei Procedure Step 1 Set the maximum number of VTY user interfaces. <HUAWEI> system-view [HUAWEI] user-interface maximum-vty 15 Step 2 Set the limit on call-in and call-out in the VTY user interface.

  • Page 80: Configuring User Login

    This section provides several examples describing how to configure user login by using a console port, Telnet, or STelnet. You can understand the configuration procedures by referring to the Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 81 HUAWEI NetEngine80E/40E Router Configuration Guide - Basic Configurations 5 Configuring User Login configuration flowchart. The configuration examples provide information about the networking requirements, configuration notes, and configuration roadmap. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 82: Overview Of User Login

    When a user needs to configure the router that is powered on for the first time or locally maintain the router, the user can log in to the router through a console port. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 83: Establishing The Configuration Task

    A user can log in to the router by connecting a terminal with the router through a console port. Context For details, see Login Through the Console Portrouter. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 84: Checking The Configuration

    Run the display local-user command, and you can view the local user list. <HUAWEI> display local-user ---------------------------------------------------------------------------- Username State Type CAR Access-limit Online ---------------------------------------------------------------------------- user123 Active All Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 85: Logging In To The Devices Through The Aux Port

    Figure 5-1 Networking diagram of remote login through an AUX port PSTN Modem Modem Router Pre-configuration Tasks Before configuring user login through an AUX port, complete the following tasks: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 86: Configuring Aux User Interface

    Step 1 Start a terminal emulator (such as HyperTerminal of Windows XP) in the PC to establish a connection with the router, as shown in Figure 5-2. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 87 Step 2 Set dialing information, as shown in Figure 5-3. Figure 5-3 Dialing information setting Step 3 Establish a connection with the router, as shown in Figure 5-4. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 88 If certain communication parameters need to be modified, press Modify in the Figure 5-4, as shown in Figure 5-5, and then press Set, as shown in Figure 5-6. Figure 5-5 Connection attribute modification Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 89: Checking The Configuration

    Step 4 Press Dialing. If user authentication is needed, input the corresponding authentication information, and wait till the command line prompt of the user view appears, such as <HUAWEI>. This indicates that the user view is entered and relevant configurations can be input.

  • Page 90: Logging In To The Devices By Using Telnet

    Before configuring user login by using Telnet, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This will help you complete the configuration task quickly and accurately. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 91: Configuring Vty User Interface

    These attributes, however, generally do not need to be set because they have default values. For detailed settings, see Configuring VTY User Interface. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 92: Optional) Configuring Local Telnet Users

    Do as follows on the router that serves as an Telnet server. Select and perform one of the following two steps for IPv4 or IPv6. Procedure For the IPv4 network Run: system-view Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 93: Optional) Configuring Listening Port Number For Telnet Server

    Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: telnet server port port-number The listening port number of the Telnet server is set. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 94: Logging In To The Router By Using Telnet

    Step 2 Run the telnet ip-address command to telnet the router. Input the IP address of the Telnet server. Press "Enter" to display the command line prompt of the system view, such as <HUAWEI>. This indicates that you have accessed the Telnet server. Issue 02 (2011-09-10) Huawei Proprietary and Confidential...

  • Page 95: Checking The Configuration

    Telnet server. <HUAWEI> display telnet server status Telnet IPV4 server :Enable Telnet IPV6 server :Enable Telnet server port Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 96: Logging In To The Devices By Using Stelnet

    STelnet client to the SSH server, preferred HMAC algorithm from the SSH server to the STelnet client, preferred algorithm of key exchange, name of the outgoing interface, and source address Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 97: Configuring Vty User Interface

    The VTY user interface is displayed. Step 3 Run: authentication-mode The AAA authentication mode is configured. Step 4 Run: protocol inbound The VTY user interface is configured to support SSH. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 98: Configuring An Ssh User And Specifying Stelnet As One Of Service Types

    { simple | cipher } password Name and password of the local user are created. Step 3 Run: rsa local-key-pair create A local RSA key pair is generated. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 99 Copy the RSA public key to the router that serves as the SSH server. Run: public-key-code end Quit the public key editing view. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 100 { stelnet | all } The service type for the SSH user is configured. By default, the service type of the SSH user is not configured. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 101: Enabling The Stelnet Server Function

    SSH1.X, SSH2.0 is extended in structure and supports more compatibility authentication modes and key exchange methods. SSH2.0 also supports more advanced services such as SFTP. The HUAWEI NetEngine80E/40E supports SSH versions ranging from 1.3 to 2.0. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright ©...

  • Page 102: Server Operation

    By default, the interval is 0, indicating that the key pair will never be updated. pair of the SSH server is updated ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 103: Logging In To The Router By Using Stelnet

    For details on how to use OpenSSH commands to log in to the router, refer to the help document of the software. Procedure Step 1 Use the windows command line. Step 2 Run relevant OpenSSH commands to log in to the router in STelnet mode. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 104: Checking The Configuration

    Retry CTOS Cipher : aes128-cbc STOC Cipher : aes128-cbc CTOS Hmac : hmac-md5 STOC Hmac : hmac-md5 : diffie-hellman-group-exchange-sha1 Service Type : stelnet Authentication Type : password Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 105: Common Operations After Login

    To prevent an unauthorized user from using high-level commands, a password is required to increase the user level. When configuring the switchover of user levels on the router, users can perform HWTACACS Authentication. For detailed configurations, refer to the HUAWEI NetEngine80E/40E router Configuration Guide - Security. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright ©...

  • Page 106: Locking User Interfaces

    5.6.3 Locking User Interfaces When you leave the operation terminals for a moment, you can lock the user interface to prevent unauthorized users from operating the interface. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 107: Sending Messages To Other User Interfaces

    User information includes the user name, address, and authentication and authorization information. Procedure Run the display users [ all ] command to view information about logged-in users. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 108: Clearing Logged-In Users

    If the configuration set is already locked, an prompt message is displayed after this command is run. Step 2 Run: system-view Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 109: Configuration Examples

    Figure 5-7 Networking diagram of user login through a console port Router Configuration Roadmap Connect a PC to the router through a console port. Perform login settings on the PC. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 110 Step 2 Start a terminal emulator on the PC, and set the communication parameters of the PC, as shown Figure 5-8 Figure 5-10. Figure 5-8 Connection creation Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 111 Step 3 Power on the router and wait for the completion of the self-check. After the router starts normally and finishes the self-check, the system prompts you to press Enter. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 112: Example For Logging In Through The Aux Port

    HUAWEI NetEngine80E/40E Router Configuration Guide - Basic Configurations 5 Configuring User Login Wait till the prompt (mostly the <HUAWEI>) appears, and then you can use a command to view the running status of the router or configure the router. ----End 5.7.2 Example for Logging In Through the AUX Port...

  • Page 113: Example For Configuring User Login By Using Telnet

    Step 4 Log in to the router. Enter the user name and password in the remote terminal emulation program. After authentication succeeds, a command line prompt such as <HUAWEI> appears. Enter the command to check the running status of the router or configure the router.
  • Page 114 Number of lines that a terminal screen displays: 30 Size of the history command buffer: 20 Telnet user information (authentication mode: AAA, user name: huawei, password: hello) Procedure Step 1 Respectively connection the PC and the router to the network.
  • Page 115 Figure 5-14 Window after login of the router Click Yes and then input the user name and password in the login window. If user authentication succeeds, a command line prompt such as HUAWEI is displayed. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright ©...

  • Page 116: Example For Configuring User Login By Using Stelnet

    In this configuration example, the password authentication mode is used. Figure 5-15 Networking diagram of configuring user login by using STelnet GE1/0/1 10.137.217.225/16 Network SSH Server Configuration Roadmap The configuration roadmap is as follows: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 117 [SSH Server-ui-vty0-4] quit NOTE If SSH is configured as the login protocol, the NE80E/40E automatically disables Telnet. Step 3 Configure the password of the SSH user Client001 to huawei. [SSH Server] aaa [SSH Server-aaa] local-user client001 password cipher huawei [SSH Server-aaa] local-user client001 level 3...
  • Page 118 # Log in to the device through the software putty, and enter the user name client001 and the password huawei. ----End Configuration Files Configuration file of the SSH server sysname SSH Server local-user client001 password cipher huawei local-user client001 level 3 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 119 GigabitEthernet1/0/1 undo shutdown ip address 10.137.217.225 255.255.255.0 stelnet server enable ssh user client001 authentication-type password user-interface vty 0 4 authentication-mode aaa protocol inbound ssh return Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 120: Managing File System

    This section provides an example for performing files by accessing the system and using FTP or SFTP.These configuration examples explain networking requirements, configuration roadmap, and configuration notes. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 121: File System Overview

    Performing File Operations by Means of Xmodem XModem is a file transfer protocol and is mainly applied to the AUX port.XModem does not support simultaneous operations of multiple users. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 122: Performing File Operations By Means Of The File System

    Connecting the client with the server correctly Data Preparation To perform file operations by logging in to the file system, you need the following data: Data Storage device name Directory name Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 123: Managing Storage Devices

    If the storage device cannot work after running the format device-name command, a fault may occur to the hardware. ----End 6.2.3 Managing the Directory You can manage directories to logically store files in hierarchy. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 124: Managing Files

    Contents of a text file are displayed screen after screen. If you hold and press the spacebar on the current terminal, all contents of the current file can be displayed. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 125 If you use the parameter [ /unreserved ] in the delete command, the file cannot be restored after being deleted. Run: undelete filename The deleted file is recovered. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 126: Performing File Operations By Means Of Ftp

    6.3 Performing File Operations by Means of FTP FTP can transmit files between local and remote hosts, and is widely used for version upgrade, log downloading, file transmission, and configuration saving. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 127: Establishing The Configuration Task

    Otherwise, you cannot access the router by using FTP. Do as follows on the router that serves as the FTP server: Procedure Step 1 Run: system-view Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 128: Optional) Specifying A Port Number For The Ftp Server

    FTP service, and then change the FTP port. Do as follows on the router that serves as the FTP server: Procedure Step 1 Run: system-view Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 129: Enabling The Ftp Server

    FTP connection expires, the system breaks the connection to release resources. Do as follows on the router that serves as the FTP server: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 130: Optional) Configuring An Ftp Acl

    [ rule-id ] { deny | permit } [ fragment | logging | source { source-ip-address source-wildcard | any } | time-range time-name | vpn-instance vpn-instance-name ] The ACL rule is configured. NOTE FTP supports only the basic ACL (2000 to 2999). Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 131: Accessing The System By Using Ftp

    Enter the user name and password at the prompt, and press Enter. When the windows command line prompts are displayed in the FTP client view, such as ftp>, you have entered the working directory of the FTP server. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 132: Performing File Operations By Using Ftp Commands

    FTP server. – Run the mget remote-filenames command to download multiple files from the FTP server and save them locally. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 133 When local-filename is set, related information about the file can be downloaded locally. NOTE If you need other FTP operations,you can perform the help [ command ] command to get help in the Windows command line. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 134: Checking The Configuration

    SSH supports SFTP. SFTP is a secure FTP service and enables users to log in to the FTP server for data transmission. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 135: Configuring Vty User Interface

    6.4.3 Configuring SSH for the VTY User Interface To allow users to log in to the router by using SFTP, you need to configure VTY user interfaces to support SSH. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 136: Configuring An Ssh User And Specifying Sftp As One Of Service Types

    RSA key pairs. NOTE Password-RSA authentication requires success of both password authentication and RSA authentication. The all authentication mode requires success of either password authentication or RSA authentication. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 137 Authenticate the SSH user through RSA. Run: ssh user user-name authentication-type rsa The RSA authentication is configured for the SSH user. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 138 The timeout period of the SSH authentication is set. By default, the timeout period is 60 seconds. Run: ssh server authentication-retries times The number of retry times of the SSH authentication is set. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 139: Enabling The Sftp Service

    Step 1 Run: system-view The system view is displayed. Step 2 Run: sftp server enable The SFTP service is enabled. By default, the SFTP service is disabled. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 140: Optional) Configuring The Stelnet Server Parameters

    SSH1.X, SSH2.0 is extended in structure and supports more compatibility authentication modes and key exchange methods. SSH2.0 also supports more advanced services such as SFTP. The HUAWEI NetEngine80E/40E supports SSH versions ranging from 1.3 to 2.0. Listening port The default listening port number of an SSH server is 22. Users can log in to number of an the device by using the default listening port number.

  • Page 141: Accessing The System By Using Sftp

    Step 2 Run relevant OpenSSH commands to log in to the router in SFTP mode. When the command line prompt is displayed in the SFTP client view, such as sftp>, users have entered the working directory of the SFTP server. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 142: Performing File Operations By Using Sftp

    Procedure Run: help [ all | command-name ] The SFTP client command help is displayed. You can perform one or multiple of the following operations as required. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 143: Checking The Configuration

    SSH client on the SSH server. Run the display ssh server status command on the SSH server to check its global configurations. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 144: Performing File Operations By Means Of Xmodem

    : diffie-hellman-group-exchange-sha1 Service Type : sftp Authentication Type : password 6.5 Performing File Operations by Means of Xmodem This section describes how to transfer files through XModem. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 145: Establishing The Configuration Task

    NE80E/40E provides the function of XModem receiving program, which is applied to the AUX port and supports 128-byte packets and CRC. The function of XModem sending program is automatically included in the HyperTerminal. Do as follows on the router: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 146: Configuration Examples

    Check this directory and view that the file is copied successfully to the specified directory. Data Preparation To complete the configuration, you need the following data: Source file name and target file name Source file path and target file path Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 147: Example For Performing File Operations By Means Of Ftp

    Figure 6-1, after the FTP server is enabled on the router, you can log in to the FTP server from the HyperTerminal to upload or download files. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 148 IP address of the FTP server, that is, 10.137.217.221 Timeout period for the FTP connection, that is, 30 minutes FTP username as huawei and password as huawei on the server The destination file name and its position in the FTP client Procedure Step 1 Configure the IP address of the FTP server.
  • Page 149 Figure 6-3 Performing file operations by means of FTP NOTE You can run the command before downloading a file or after uploading a file to view the detailed information of the file. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 150: Example For Performing File Operations By Means Of Sftp

    Configure a local key pair on the SSH server to securely exchange data between the SFTP client and the SSH server. Configure VTY user interfaces on the SSH server. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 151 Enable SFTP services on the SSH server and configure a user service type. Data Preparation To complete the configuration, you need the following data: SSH user authentication mode: password, user name: client001, password: huawei User level of client001: 3 IP address of the SSH server: 10.137.217.225 Procedure Step 1 Configure a local key pair on the SSH server.

  • Page 152: Example For Performing File Operations By Means Of Xmodem

    The router is connected to PC through the AUX port. Log in to the router through the AUX port, to receive files from the AUX port and save the received files to the cfcard. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 153 Step 3 Specify the file to be sent on the HyperTerminal. Figure 6-6 Specifying the file to be sent After the configuration, press Send to send the file. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 154 1515 Jul 19 2005 17:39:55 vrpcfg.cfg -rw- 3844 Jul 14 2004 11:51:45 exception.dat -rw- 8628372 Jun 01 2005 10:14:34 ne20-vrp330-0521.01.bin -rw- Jul 27 2005 10:51:26 paf.txt ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 155: Configuring System Startup

    7.4 Configuration Examples This section provides an example for configuring system startup.These configuration examples explain networking requirements, configuration roadmap, and configuration notes. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 156: System Startup Overview

    7.1.3 Configuration Files and Current Configurations During the running of the router, configuration files and current configurations are differently defined. The concepts of configuration files and current configurations are as follows: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 157: Managing Configuration Files

    Pre-configuration Tasks Before managing configuration files, complete the following task: Installing the router and starting it properly Data Preparation To manage configuration files, you need the following data. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 158: Saving Configuration Files

    When automatic saving is triggered by the expiry of the timer, the CPU usage is checked. If the CPU usage is higher than the set upper limit, automatic saving will be canceled. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 159: Clearing A Configuration File

    The system software does not match the configuration file after the router has been upgraded. The configuration file is destroyed or an incorrect configuration file has been loaded. Do as follows to clear the contents of a configuration file: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 160: Comparing Configuration Files

    Procedure Run: compare configuration [ configuration-file ] [ current-line-number save-line- number ] The current configuration is compared with the configuration file for next startup. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 161: Checking The Configuration

    <HUAWEI> display startup MainBoard: Configured startup system software: cfcard:/V600R003C00SPC300.cc Startup system software: cfcard:/V600R003C00SPC300.cc Next startup system software: cfcard:/V600R003C00SPC300.cc Startup saved-configuration file: cfcard:/vrp.cfg Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 162: Specifying A File For System Startup

    To change system software for the next startup operation, you need to specify the required one. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 163: Configuring The Configuration File For Router To Load For The Next Startup

    Prerequisite The file has been specified for system startup. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 164: Configuration Examples

    The router is installed with double main control boards. After the router is configured, new configurations take effect after the system restarts. Configuration Roadmap The configuration roadmap is as follows: Save the current configuration. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 165 After the configuration is complete, run the following command to check the configuration file and system software to be loaded during the next startup of the router. <HUAWEI> display startup Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 166 Next startup paf file: default Startup license file: default Next startup license file: default Startup patch package: NULL Next startup patch package: NULL ----End Configuration Files None. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 167: Accessing Another Device

    8.8 Configuration Examples This section describes examples for access another device. The examples explain networking requirements, configuration notes, and configuration roadmap. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 168: Accessing Another Device

    Figure 8-3. The typical application is to connect the asynchronous interface of the router with multiple devices for their remote configuration and maintenance. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 169 Info: The max number of VTY users is 10, and the current number of VTY users on line is 1. Info: The connection was closed by the remote host. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 170: Ftp Method

    TFTP server, receives packets from the server, and sends acknowledgement to the server. To upload files, the client sends a write request packet to the TFTP server, sends packets to the server, and receives acknowledgement from the server. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 171: Ssh Method

    This improves the security of data transmission when the remote system is updated. Meanwhile, the client function enables you to log in to the remote device through SFTP for secure file transmission. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 172: Logging In To Other Devices By Using Telnet

    Before logging in to another device on the network by using Telnet, complete the following tasks: Ensuring that the router that you attempt to log in to works properly, and enabling Telnet services on the device Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 173: Optional) Configuring A Source Ip Address For An Telnet Client

    ----End 8.2.3 Logging in to Another Device by Using Telnet You can log in to another router and manage it by using Telnet. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 174: Checking The Configuration

    TCPCB Tid/Soid Local Add:port Foreign Add:port VPNID State 39952df8 36 /1509 0.0.0.0:0 0.0.0.0:0 Closed 32af9074 59 /1 0.0.0.0:21 0.0.0.0:0 14849 Listening 34042c80 73 /17 10.164.39.99:23 10.164.6.13:1147 Established Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 175: Connecting To Another Device By Using The Telnet Redirection Function

    Before redirecting the client to another device by using Telnet, complete the following tasks: Configuring a reachable route between the client and Router A Powering on the remote device Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 176: Enabling The Telnet Redirection Function

    AUX0 is numbered as 33, and the interface number is therefore 2033. l You can log in to the remote device that needs to be managed and maintained from the Telnet client by using the specified interface. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 177: Connecting Another Device By Using The Telnet Redirection Function

    0.0.0.0:21 0.0.0.0:0 23553 Listening 3b558554 128/1 0.0.0.0:23 0.0.0.0:0 23553 Listening 31cf1978 128/4 0.0.0.0:2033 0.0.0.0:0 23553 Listening 31cf1bb0 128/6 0.0.0.0:4033 0.0.0.0:0 23553 Listening 11a22ad8 128/3 10.137.217.225:23 10.138.77.38:3670 Established Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 178: Logging In To Another Device By Using Stelnet

    After the first-time authentication on the SSH client is enabled, the STelnet client does not check the validity of the RSA public key when logging in to the SSH server for the first time. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 179: Configuring The First Successful Login To Another Device (Allocating An Rsa Public Key To The Ssh Server)

    RSA public key to the SSH server before the STelnet client logs in to the SSH server. Do as follows on the router that serves as an SSH client: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 180 SSH client and the SSH server. Then, run ssh client servername assign rsa-key keyname command to allocate a new RSA public key to the SSH server. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 181: Logging In To Another Device By Using Stelnet

    SSH servers, and the sessions between the SSH servers and the STelnet client. Prerequisite The configurations for logging in to another device by using STelnet are complete. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 182: Accessing Files On Another Device By Using Tftp

    To access another device by using TFTP, you need the following data. Data (Optional) Source address or source interface of the router that functions as a TFTP client Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 183: Optional) Configuring A Source Ip Address For A Tftp Client

    Each ACL can define multiple rules. ACL rules are classified into the interface ACL, basic ACL, and advanced ACL based on the functions of ACL rules. NOTE TFTP supports only the basic ACL (whose number ranges from 2000 to 2999). Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 184: Downloading Files By Using Tftp

    8.5.5 Uploading Files by Using TFTP You can upload files from the TFTP client to the TFTP server. Do as follows on the router that serves as the TFTP client: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 185: Checking The Configuration

    This section describes how to configure the router as an FTP client to log in to the FTP server, and to upload files to or download files from the server. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 186: Establishing The Configuration Task

    The source address of a client can be configured as a source interface or a source IP address. The interface configuration is possible, only if the system has a loopback interface. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 187: Connecting To Other Devices By Using Ftp Commands

    The FTP view is displayed. Run: open [-a source-ip-address | -i interface-type interface-number ] host [ port-number ] [ vpn-instance vpn-instance-name ] The router is connected to the FTP server. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 188: Operating Files By Using Ftp Commands

    Configuring data type and transmission mode for the file. – Run: ascii binary The data type of the file to be transmitted is ascii or binary mode. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 189 Run one or more commands in the following order to manage directories. – Run: pathname The working path of the remote FTP server is specified. – Run: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 190: Changing Login Users

    8.6.5 Changing Login Users After logging in to an FTP server, you can change the username on the client and re-log in to the server with the new username. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 191: Disconnecting From The Ftp Server

    8.6.7 Checking the Configuration After the configurations of accessing other devices by using FTP are complete, you can view the source parameters configured on the FTP client. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 192: Accessing Files On Another Device By Using Sftp

    To access files on another device by using SFTP, you need the following data: Data (Optional) Source address of the device that functions as the SFTP client (Optional) Name of the SSH server Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 193: Optional) Configuring A Source Ip Address For An Sftp Client

    If the first-time authentication on the SSH client is enabled, the SFTP client does not check the validity of the RSA public key when logging in to the SSH server for the first time. After the Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 194: Configuring The First Successful Login To Another Device (Allocating An Rsa Public Key To The Ssh Server)

    Do as follows on the router functioning as an SSH client: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 195: Connecting To Other Devices By Using Sftp

    The command of enabling the SFTP client is similar to that of the STelnet. When accessing the SSH server, the SFTP can carry the source address and the name of the VPN instance and choose Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 196: Operating Files By Using Sftp Commands

    Displaying the SFTP client command help. After logging in to the router that functions as an SSH client and entering the SFTP client view, you can perform the following steps: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 197 The file on the server is removed. Displaying the SFTP client command help help [all | command-name ] The SFTP client command help is displayed. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 198: Checking The Configuration

    8-7, users can telnet Router A but cannot telnet Router B. The route between Router A and Router B is reachable. In this case, users can telnet Router B from Router A to remotely configure and manage Router B. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 199 It is optional to configure an ACL for Telnet services. Step 2 Log in to Router B from Router A through Telnet. <HUAWEI> system-view [HUAWEI] sysname RouterA Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 200 5 permit source 1.1.1.1 0 interface GigabitEthernet1/0/1 undo shutdown ip address 2.1.1.1 255.255.255.0 user-interface con 0 user-interface vty 0 4 acl 2000 inbound set authentication password simple hello return Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 201: Example For Logging In To Another Device By Using The Telnet Redirection Function

    [RouterA] interface Aux 0/0/1 [RouterA-Aux0/0/1] undo shutdown [RouterA-Aux0/0/1] quit Step 2 Enable the redirection function on Router A. [RouterA] user-interface aux 0 [RouterA-ui-aux0] undo shell [RouterA-ui-aux0] redirect Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 202: Example For Logging In To Another Device By Using Telnet On A Vpn

    Figure 8-9 Networking diagram for logging in to another device by using Telnet on a VPN GE1/0/0 GE1/0/0 1.1.1.2 24 1.1.1.1 24 VPN tt IP Network RouterA RouterB Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 203 [RouterB-acl-basic-2000] rule permit vpn-instance tt source 1.1.1.1 0 [RouterB-acl-basic-2000] quit [RouterB] user-interface vty 0 4 [RouterB-ui-vty0-4] acl 2000 inbound NOTE Configuring Telnet terminal services based on the ACL is optional. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 204: Example For Configuring The Device As The Stelnet Client To Connect To The Ssh Server

    8-10, after the STelnet service is enabled on the SSH server, the STelnet client can log in to the SSH server with the password, RSA, password-rsa, or all authentication mode. In this example, the Huawei router functions as an SSH server. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright ©...
  • Page 205 Users Client001 and Client002 log in to the SSH server through STelnet. Data Preparation To complete the configuration, you need the following data: Client001 with the password as huawei and adopt the password authentication. Client002, adopt the RSA authentication and assign the public key RsaKey001 to Client002.
  • Page 206 # Configure the password authentication for the SSH user Client001. [SSH Server] ssh user client001 [SSH Server] ssh user client001 authentication-type password # Configure the password of the SSH user Client001 to huawei. [SSH Server] aaa [SSH Server-aaa] local-user client001 password cipher huawei...
  • Page 207 [client002] ssh client first-time enable # Client001 of the STelnet connects to SSH server with the password authentication mode . Enter the user name and password. <client001> system-view Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 208 The server's public key will be saved with the name 10.10.1.1. Please wait... Enter password: Enter the password huawei. It shows that the login is successful, as follows: Info: The max number of VTY users is 20, and the number of current VTY users on line is 6.
  • Page 209 RsaKey001 ssh user client001 service-type stelnet ssh user client002 service-type stelnet user-interface vty 0 4 authentication-mode aaa protocol inbound ssh Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 210: Example For Accessing Files On Another Device By Using Tftp

    Use the TFTP command on the router to upload the file. Data Preparation To complete the configuration, you need the following data: The TFTP application installed on the TFTP server Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 211 1004 Feb 05 2001 09:51:22 vrp1.zip -rw- 6247 May 19 2006 15:00:10 license.txt -rw- 14343 May 16 2006 14:13:42 paf.txt.bak -rw- 86235884 Feb 05 2001 10:23:46 V600R003C00SPC300.cc Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 212: Example For Configuring The Access Of The Tftp Server On The Public Network When The Management Vpn Instance Is Used

    Use the TFTP command on the router to upload the file. Data Preparation To complete the configuration, you need the following data: The TFTP application installed on the TFTP server Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 213 The display may be different depending on different TFTP server applications run in the computer. Step 2 Log in to the router from the computer HyperTerminal and enter the following command to download the file. <HUAWEI>tftp 10.111.16.160 public-net get V600R003C00SPC300.cc cfcard:/ V600R003C00SPC300.cc Info: Transfer file in binary mode.

  • Page 214: Example For Accessing Files On Another Device By Using Ftp

    8-15, the route between Router A that functions as the FTP client and the FTP server is reachable. A user needs to download system software and configuration software from the FTP server. The Huawei router functions as an FTP server. Figure 8-15 Networking diagram for accessing files on another device by using FTP...
  • Page 215 Target file and its location on Router A Procedure Step 1 Configure an FTP user on the FTP server. <HUAWEI> system-view [HUAWEI] aaa [HUAWEI-aaa] local-user huawei password simple 123 [HUAWEI-aaa] local-user huawei service-type ftp [HUAWEI-aaa] local-user huawei ftp-directory cfcard: [HUAWEI-aaa] quit Step 2 Enable the FTP server.

  • Page 216: Example For Configuring The Access Of The Ftp Server On The Public Network When The Management Vpn Instance Is Used

    Data Preparation To complete the configuration, you need the following data: IP address of the FTP server is 1.1.1.1 User name huawei and password huawei The destination file name and its position in the router Procedure Step 1 Log in to the FTP server from the router.

  • Page 217: Example For Accessing Files On Another Device By Using Sftp

    SSH server with the password, RSA, password-rsa, or all authentication. In this example, the Huawei router functions as an SSH server. Two users client001 and client002 are configured to log in to the SSH server in the authentication mode of password and RSA respectively.
  • Page 218 Data Preparation To complete the configuration, you need the following data: Client001 with the password as huawei and adopt the password authentication. Client002, adopt the RSA authentication and assign the public key RsaKey001 to Client002. IP address of the SSH server is 10.10.1.1.
  • Page 219 8 Accessing Another Device [SSH Server] ssh user client001 [SSH Server] ssh user client001 authentication-type password # Set huawei as the password for the Client001 of the SSH user. [SSH Server] aaa [SSH Server-aaa] local-user client001 password simple huawei [SSH Server-aaa] local-user client001 service-type ssh [SSH Server-aaa] quit l Create Client002 for the SSH user.
  • Page 220 # Connect the STelnet client Client002 to the SSH server with the RSA authentication mode. <client002> system-view [client002] sftp 10.10.1.1 Please input the username: client002 Trying 10.10.1.1 ... Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 221 Sftp-directory : cfcard: Service-type : sftp Authorization-cmd : No User 2: User Name : client002 Authentication-type : rsa User-public-key-name : RsaKey001 Sftp-directory : cfcard: Service-type : sftp Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 222 10.10.2.2 255.255.0.0 ssh client first-time enable return Configuration file of Client002 on the SSH client sysname client002 interface GigabitEthernet1/0/1 ip address 10.10.3.3 255.255.0.0 ssh client first-time enable return Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 223: Example For Configuring The Access Of The Sftp Server On The Public Network When The Management Vpn Instance Is Used

    SFTP server on the public network, you need to connect the router to the SFTP server on the public network. The Huawei router functions as an SSH server. Two users client001 and client002 are configured to access the SSH server in the authentication mode of password and RSA respectively.
  • Page 224 # Create an SSH user with the name Client001. The authentication mode is password. [SSH Server] ssh user client001 [SSH Server] ssh user client001 authentication-type password # Set huawei as the password for the Client001 of the SSH user. [SSH Server] aaa [SSH Server-aaa] local-user client001 password simple huawei...
  • Page 225 Step 5 Enable the STelnet service on the SSH server. # Enable the STelnet service. [SSH Server] sftp server enable Step 6 Configure the service type and authorized directory of the SSH user. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 226 SFTP server: Enable STELNET server: Disable # Display the connection of the SSH server. [SSH Server] display ssh server session Session 1: Conn : VTY 3 Version : 2.0 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 227 A4E3AA1D 54692B04 C6A28D3D C58DE2E8 E0D58D65 7A25CF92 A74D21F9 E917182B 0203 010001 public-key-code end peer-public-key end local-user client001 password simple huawei local-user client001 service-type ssh interface GigabitEthernet1/0/1 undo shutdown ip address 10.10.1.1 255.255.0.0 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 228: Example For Accessing The Ssh Server Through Other Port Numbers

    Thus, only the valid user can set up the socket connection through the non-standard monitored port set by the SSH server, and follow the procedure of negotiating the SSH version number, Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 229 The Huawei router functions as an SSH server. The client client001 is configured to log in to the SSH server by using STelnet in the authentication mode of password; the client client002 is configured to log in to the SSH server by using SFTP in the authentication mode of RSA.
  • Page 230 Enter "RSA key code" view, return last view with "public-key-code end". [SSH Server-rsa-key-code] 3047 [SSH Server-rsa-key-code] 0240 [SSH Server-rsa-key-code] BFF35E4B C61BD786 F907B5DE 7D6770C3 E5FD17AB [SSH Server-rsa-key-code] 203C8FCB BBC8FDF2 F7CB674E 519E8419 0F6B97A8 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 231 # Create an SSH user with the name Client001. The authentication mode is password. [SSH Server] ssh user client001 [SSH Server] ssh user client001 authentication-type password # Set huawei as the password toSSH user Client001. [SSH Server] aaa [SSH Server-aaa] local-user client001 password simple huawei...
  • Page 232 10.10.1.1. Please wait... Enter password: Enter the password Huawei and view as follows: Info: The max number of VTY users is 10, and the number of current VTY users on line is 1.
  • Page 233 RsaKey001 ssh user client001 service-type stelnet ssh user client002 service-type sftp ssh user client002 sftp-directory cfcard:. user-interface vty 0 4 authentication-mode aaa protocol inbound ssh Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 234: Example For An Ssh Client In The Public Network To Access An Ssh Server In The Private Network

    CE1 on the private network through PE1. The Huawei router functions as an SSH server. The client client001 is configured to log in to the SSH server by using STelnet in the authentication mode of password; the client client002 is configured to log in to the SSH server by using SFTP in the authentication mode of RSA.
  • Page 235 VPN-target on PE is 111:1 IP address 10.1.1.2 of PE1; IP address 10.1.2.2 of PE2 Client001 with the password as huawei and adopt the password authentication Client002, adopt the RSA authentication and assign the public key RsaKey001 to Client002 IP address of the SSH server CE1 on the private network, that is, 10.1.1.1...
  • Page 236 CTRL_C to break Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=260 ms Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=70 ms Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=60 ms Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 237 NOTES: If the key modulus is greater than 512, It will take a few minutes. Input the bits in the modulus[default = 512]: 768 Generating keys..++++++++++++ Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 238 Enter "RSA public key" view, return system view with "peer-public-key end". [CE1-rsa-public-key] public-key-code begin Enter "RSA key code" view, return last view with "public-key-code end". [CE1-rsa-key-code] 3067 [CE1-rsa-key-code] 0240 [CE1-rsa-key-code] BC011055 8BCCB887 384E5A14 1EF982A8 CA44A376 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 239 # Create an SSH user with the name Client001. The authentication mode is password. [CE1] ssh user client001 [CE1] ssh user client001 authentication-type password # Set huawei as the password for the Client001 of the SSH user. [CE1] aaa [CE1-aaa] local-user client001 password simple huawei...
  • Page 240 The server's public key will be saved with the name:10.1.1.1. Please wait... Enter password: Enter the password huawei. The following information is displayed: Info: The max number of VTY users is 10, and the current number of VTY users on line is 1.
  • Page 241 GigabitEthernet1/0/1 ip binding vpn-instance vpn1 ip address 10.1.1.2 255.255.255.0 interface Pos1/0/1 link-protocol ppp ip address 100.1.1.1 255.255.255.0 mpls mpls ldp interface LoopBack1 ip address 1.1.1.9 255.255.255.255 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 242 0.0.0.0 network 2.2.2.9 0.0.0.0 network 100.1.1.0 0.0.0.255 network 200.1.1.0 0.0.0.255 return Configuration file of PE2 sysname PE2 ip vpn-instance vpn1 ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 243 Configuration file of CE2 sysname CE2 interface GigabitEthernet1/0/1 ip address 10.1.2.1 255.255.255.0 bgp 65420 peer 10.1.2.2 as-number 100 ipv4-family unicast undo synchronization import-route direct peer 10.1.2.2 enable return Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 244: Clock Synchronization Configuration

    Ethernet clock synchronization implements clock synchronization among devices on an IP bearer network. 9.8 Configuration Examples of Clock Synchronization This section provides examples for configuring clock protection switching and for configuring Ethernet clock synchronization. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 245: Introduction Of Clock Synchronization Configuration

    Include BITS0, BITS1, BITS2 and PTP. 9.2 Setting Basic Configurations for Clock Synchronization This section describes how to set basic configurations for clock synchronization. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 246: Establishing The Configuration Task

    The clock synchronization function is enabled on a port. Step 6 Run: quit Return to the system view from the interface view. Step 7 (Optional) Run: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 247: Checking The Configuration

    ----End 9.3 Configuring an External BITS Clock Source You can run commands on the routerto configure the device to trace different types of external BITS clock sources. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 248: Establishing The Configuration Task

    9.3.3 Configuring an External Clock Source and Its Signal Type on the router The router supports four types of signals (2mhz, 2mbps, dcls, and 1pps). Context Do as follows on every routers on the clock synchronization network. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 249: Checking The Configuration

    Step 2 Run: clock bits-type An external BITS clock source and its signal type are configured. For information about clock source IDs and signal types, refer to the HUAWEI NetEngine80E/ 40E Router - Command Reference. ----End 9.3.4 Checking the Configuration Context Run the following commands to check the previous configuration.

  • Page 250: Configuring A Clock Reference Source

    Configuring signal type of the external clock reference source Data Preparation None. 9.4.2 Configuring a Clock Reference Source Context Do as follows on all routers on the clock synchronization network. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 251: Checking The Configuration

    Run the following commands to check the previous configuration. Procedure Step 1 Run: display clock { config | source } View the information about the clock source attributes. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 252: Configuring Clock Protection Switching Based On Ssm Levels

    Do as follows on all routers in the clock synchronization network: Procedure Step 1 Run: system-view The system view is displayed. Step 2 Run: clock clear [ 2msync-1 | 2msync-2 ] Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 253: Enabling Ssm

    { bits0 | bits1 | bits2 | ptp } ssm { prc | ssua | ssub | sec | dnu | unk } The SSM level of the external clock reference source is configured. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 254: Setting A Timeslot Of The 2.048 Mbit/S Bits Clock Signal To Carry Ssms

    By default, the SSM level is extracted from the interface. If the SSM level is forcibly set, the forcibly-set SSM level takes effect. Do as follows on all routers in the clock synchronization network: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 255: Checking The Configuration

    Run the following commands to check the previous configuration. Procedure Run: display clock { config | source } View the information about the clock source attributes. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 256: Configuring Clock Protection Switching Based On Priorities

    Step 1 Run: system-view The system view is displayed. Step 2 Run: clock clear [ 2msync-1 | 2msync-2 ] The router is configured to automatically select clock sources. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 257: Disabling Ssm

    The system view is displayed. Run: clock source { bits0 | bits1 | bits2 | ptp } priority priority-value Priorities are set for the clock reference sources BITS and 1588. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 258: Checking The Configuration

    Radio Network Controller (RNC) and the Base Transceiver Station (BTS) in the application of wireless service. The clock signals sent by the devices on the bearer network are Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 259: Enabling Ethernet Clock Synchronization

    Ethernet clock signals can be transmitted only after the Ethernet clock synchronization is enabled on all the router in an IP bearer network. Do as follows on all router in the clock synchronization network: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 260: Configuring Ethernet Clock Source

    { dnu | prc | sec | ssua | ssub | unk } The SSM level of the clock source is configured. ----End 9.7.4 Checking the Configuration Context Run the following commands to check the previous configuration. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 261: Configuration Examples Of Clock Synchronization

    BITS clock source. As shown in Figure 9-3, Router A to Router F trace the clock signal from BITS0. The figure shows the direction of clock tracing in normal situations. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 262 Sources Router A BITS0 BITS0 Router A BITS0 GE1/0/0 Router A BITS0 Internal clock Router B GE1/0/0 GE1/0/0 Router B GE1/0/0 GE2/0/0 Router B GE1/0/0 Internal clock Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 263 [RouterB] interface GigabitEthernet 1/0/0 [RouterB-GigabitEthernet1/0/0] clock synchronization enable [RouterB-GigabitEthernet1/0/0] clock priority 1 [RouterB-GigabitEthernet1/0/0] interface GigabitEthernet 2/0/0 [RouterB-GigabitEthernet2/0/0] clock synchronization enable [RouterB-GigabitEthernet2/0/0] clock priority 2 # Configure Router C Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 264 Step 5 Check the clock source attributes of other router. # The displayed information about Router B, Router C, Router D, Router E, and Router F is similar. The following uses Router B as an example. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 265 # After the connection between the BITS clock source and Router A is closed, all router perform clock source tracing switchover/ Figure 9-4shows the clock source tracing after the connection between the BITS clock source and Router A is closed. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 266 Router B Configuration Files sysname RouterB clock ethernet-synchronization enable interface GigabitEthernet1/0/0 undo shutdown clock priority 1 clock synchronization enable interface GigabitEthernet2/0/0 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 267 1 clock synchronization enable interface GigabitEthernet2/0/0 undo shutdown clock priority 2 clock synchronization enable return Router F Configuration Files sysname RouterF clock ethernet-synchronization enable interface GigabitEthernet1/0/0 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 268 Configuration Guide - Basic Configurations 9 Clock Synchronization Configuration undo shutdown clock priority 2 clock synchronization enable interface GigabitEthernet2/0/0 undo shutdown clock priority 1 clock synchronization enable return Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 269: Device Maintenance

    This section describes the procedure for configuring a cleaning cycle for the air filter. 10.11 Monitoring the Device Status Monitoring the device status facilitates fault location and cause analysis. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 270 Using NAP, you can remotely log in to devices with empty configurations to implement remote deployment. 10.14 Configuration Examples of the Device Maintenance This section provides examples for powering off different types of boards to describe common device maintenance operations. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 271: Introduction Of Device Maintenance

    Before powering off the MPU, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 272: Powering Off The Slave Mpu

    After powering off the slave MPU, restore the MPU immediately. Do as follows on the router to be configured: Procedure Step 1 Run: power off slot slot-id The slave MPU is powered off. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 273: Checking The Configuration

    Present Registered Normal 10.3 Powering off the SFU When the SFU is faulty or you need to routinely maintain the SFU, you can power off the SFU. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 274: Establishing The Configuration Task

    You can power off the SFU by using a command or pressing the OFL button. Context Do as follows on the router to be configured: Procedure Step 1 Run: power off slot slot-id The SFU is powered off. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 275: Checking The Configuration

    Normal Present Registered Normal Present Registered Normal Present Registered Normal Present Registered Normal 10.4 Powering off the NPU This section describes how to power off the NPU. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 276: Establishing The Configuration Task

    The OFL button is in the upper part of the slave NPU. Press the button for six seconds. If the OFL indicator is on, it means that powering off the NPU succeeds. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 277: Checking The Configuration

    Maintenance of the LPU such as dust removing Failure of the LPU and replacement of the LPU Pre-configuration Tasks Before powering off the LPU, you need finish the following task: prepare a slave LPU. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 278: Powering Off The Lpu

    After the LPU is powered off, you can run the display device command to check whether the LPU has been powered off. Context Run the following commands to check the previous configuration. Procedure Run: display device Check the registration of the LPU. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 279: Restoring The Bandwidth Of 10Ge Lan/Wan Interfaces On An Npu To 10 Gbit/S

    By default, the bandwidth of 10GE LAN/WAN interfaces on an NPU is 10 Mbit/s. To restore the bandwidth of 10GE LAN/WAN interfaces to 10 Gbit/s, purchase a legitimate GTL file. Pre-configuration Tasks None. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 280: Restoring The Bandwidth Of 10Ge Lan/Wan Interfaces On An Npu To 10 Gbit/S

    Otherwise, you need to bind the GTL file again once the device is restarted. ----End 10.6.3 Checking the Configuration After enabling the 10GE LAN/WAN interface on an NPU, you can check the current PIC cards on the device. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 281: Switching Between The Operation Modes Of The Lpuf-10

    When operating in support-fr mode, the LPUF-10 can support FR services, instead of ATM services. Pre-configuration Tasks Before switching the operation mode of the LPUF-10, complete the following task: Identifying the current operation mode of the LPUF-10 Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 282: Switching Between The Operation Modes Of The Lpuf-10

    10.7.3 Checking the Configuration After the operation mode of the LPUF-10 is configured, you can check the configuration. Context Run the following command to check the previous configuration. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 283: Configuring A Working Mode For An Lpuf-40 Or Lpuf-20/21

    When working in this mode, the subcard supports 1588v2 and the 1588v2 ACR client function, but not packet reassembly. Pre-configuration Tasks Before configuring a service mode for an LPU, complete the following task: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 284: Configuring A Service Mode For An Lpuf-20/21 Or Lpuf-40

    { slot-id | all } { netstream-1-mode | ptp-1-mode } A service mode is configured for the LPU to support the 1588v2 ACR server function or NetStream. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 285: Checking The Configuration

    Support 2047 MPLS OAM sessions.support (2048 3.3ms | 2048 10ms) bfd sessions.can not suppo rt 1588 ACR serverSupport 4095 Mep,4095 Rmep, 4095 Ma EOAM/MPLS-TP sessions.Support Netstr eam. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 286: Configuring The Cmu

    NMS so that the maintenance personnel can be informed of the problem and come to the site to address the problem. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 287: Configuring A Cleaning Cycle For The Air Filter

    To configure a cleaning cycle for the air filter, you need the following data. Data Cleaning cycle of the air filter 10.10.2 Configuring a Cleaning Cycle for the Air Filter Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 288: Remonitoring The Cleaning Cycle Of The Air Filter

    The alarm is cleared. The cleaning cycle of the air filter is monitored. ----End 10.10.4 Checking the Configuration Procedure Step 1 Run: display dustproof Information about the air filter is displayed. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 289: Monitoring The Device Status

    The basic information includes detailed information about the LPU, MPU, SFU, clock board, power supply, and fan module. Procedure Step 1 Run: display device [ pic-status | slot-id] Basic information about the router is displayed. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 290: Displaying The Electronic Label

    Enter slot-id to view information about the electronic label of the board in the specified slot. NOTE For the range of numbers of the slots on the router, refer to the HUAWEI NetEngine80E/40E Router Hardware Description. Information displayed includes the type of the board and PIC card, bar code, BOM, English description, production date, supplier name, issuing number, CLEI (Common Language Equipment Identification) code, and sales BOM.

  • Page 291: Displaying The Threshold Of The Memory Usage

    CPU usage. ----End 10.11.7 Displaying Alarm Information The alarm information includes the alarm level, alarm date and time, and alarm description. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 292: Displaying The Board Temperature

    The voltage information includes the number of voltage sensors on each board, working voltage sensor of each board, working status of the voltage sensor on each board, and voltage alarm thresholds of each board. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 293: Displaying The Power Supply Status

    Operation mode of the power supply module l Cable status of the power supply module ----End 10.11.11 Displaying Current Information About Boards Context Do as follows on the router. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 294: Displaying Entironment Information About The Device

    Fan speed mode of the fan module ----End 10.11.14 Displaying the Sequence Number of the MPU Each MPU has a globally unique equipment serial number (ESN). Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 295: Displaying The Next Start Mode Of The Board

    In the operation, if the number of the SFUs that is actually used is smaller than the number of the SFUs that the device requires for registration, the trap is generated. Run the least Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 296: Board Maintence

    If this command is run to reset a master MPU and no slave MPU exists, the master MPU is reset with the CPU being powered on. If a slave MPU exists, this command performs master/slave MPU switchover. l If the board is still abnormal after being reset, contact the Huawei technical support personnel. ----End 10.12.2 Clearing the Maximum CPU Usage To recalculate the maximum CPU usage, you can clear the original statistics.

  • Page 297: Configuring Nap-Based Remote Deployment

    Ensuring that the interfaces connecting the device with an empty configuration and the device in the current network are both in the Up state, and support NAP. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 298: Configuring And Starting The Nap Master Interface

    In NAP, IP addresses can be allocated either automatically or manually. Procedure Automatic allocation of IP addresses Run: system-view The system view is displayed. Run: interface interface-type interface-number The interface view is displayed. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 299 IP addresses are configured for establishing NAP connections. The default IP address pool for establishing NAP connections is 10.167.253.0/24. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 300: Remote Login

    10.13.4 Disabling NAP on the Slave Device If the NAP function is no longer required, you need to disable NAP on the slave interface of the slave device. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 301: Checking The Configuration

    If the interface is not assigned an IP address, the following information is displayed. ------------------------------------------------------ NAP master port list: Port count ------------------------------------------------------ Port property : Master Current status : DETECTING Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 302: Configuration Examples Of The Device Maintenance

    On a dual-MPU router, if the master MPU malfunctions or you need to routinely maintain the master MPU, you can power off the master MPU after performing the master/slave switchover. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 303 17 Caution!!! This command may affect operation by wrong use, please carefully use it with HUAWEI engineer's direction. Are you sure to do this operation?[Y/N]?y Step 3 Verify the configuration. # Check the registration status of the MPU. You can view that the MPU in slot 17 is in the unregistered and abnormal state.

  • Page 304: Example For Powering Off The Sfu

    19 Caution!!! This command may affect operation by wrong use, please carefully use it with HUAWEI engineer's direction. Are you sure to do this operation?[Y/N]?y Step 2 Verify the configuration. # Check the registration status of the SRU in slot 19. You can view that the SRU is in the unregistered and abnormal state.

  • Page 305: Example For Powering Off The Lpu

    <HUAWEI> power off slot 5 Caution!!! This command may affect operation by wrong use, please carefully use it with HUAWEI engineer's direction. Are you sure to do this operation?[Y/N]?y Step 2 Verify the configuration. Issue 02 (2011-09-10) Huawei Proprietary and Confidential...

  • Page 306: Example For Configuring The Operation Mode Of The Lpuf-10

    The configuration roadmap is as follows: Check the current operation mode of the LPUF-10. Switch the operation mode of the LPUF-10. Data Preparation To complete the configuration, you need the following data: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 307: Example For Configuring Nap-Based Remote Deployment In Automatic Mode

    Both the interfaces connecting Router B and Router C should be in the Up state, and should support NAP. Figure 10-1 Networking diagram of configuring NAP-based remote deployment GE1/0/1 Network RouterA RouterB RouterC Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 308: Example For Configuring Nap-Based Remote Deployment In Static Mode

    In this example, the temporary neighbor relationship is set up between the router and the device with the empty configuration and IP addresses are assigned to the router and the device to implement remote deployment in manual mode. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 309 You can view that the primary and secondary IP addresses have been assigned to the master and slave interfaces. For example: [RouterB-GigabitEthernet1/0/1] display nap status Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 310 VTY users on line is 1. Step 4 Disable NAP on the slave device. # Configure Router C. <HUAWEI> system-view [HUAWEI] sysname RouterC [RouterC] undo nap slave enable ----End Configuration Files None Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 311: Device Upgrading

    When you need to add new features, optimize existing features, or solve problems in the current version, you can upgrade the device. 11.1 Overview of Device Upgrade 11.2 Upgrade Modes Supported by the NE80E/40E Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 312: Overview Of Device Upgrade

    When upgrading the NE80E/40E at the site, prepare a spare part for each board. Obtain the new system software, the Product Adaptive File (PAF) or license file, and the corresponding documents of the new version from Huawei. Back up configuration files, and collect and save service configurations.
  • Page 313 After the NE80E/40E is upgraded, the master MPU/SRU can be registered but the slave MPUs/SRUs cannot be registered. The MPU/SRU is replaced. Other devices cannot log in to the NE80E/40E through Telnet. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 314: Patch Management

    If an installed patch does not take effect, you need to deactivate the patch. 12.6 Configuration Examples of the Patch Management This section describes some Configuration Examples. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 315: Introduction Of Patch Management

    The patch in the deactive state can be as area but disabled. follows: l Uninstalled, that is, deleted from the patch area. l Enabled temporarily and turns to the active state. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 316: Patches Supported By The Ne80E/40E

    Delete patch Delete patch Run patch Running Activated 12.1.2 Patches Supported by the NE80E/40E The NE80E/40E allows patches to be loaded to the system or a certain board. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 317: Checking The Running Of Patch In The System

    At a certain time, the system allows the running of only one patch. Therefore, you need to confirm no patch is running in the current system before installing a patch. If a patch runs, delete the patch before installing the new patch. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 318: Checking The Running Of Patch In The System

    Context Before installing a patch, you need to delete the running patch. Do as follows on the router to be upgraded. Procedure Step 1 Run:patch delete Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 319: Loading A Patch

    Do as follows on the router to be upgraded: Procedure Step 1 Upload a patch to the root directory of the CF card of the master MPU. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 320: Checking The Configuration

    CF card. For example, check the files on the CF card of the master MPU: <HUAWEI> dir cfcard:/ Directory of cfcard:/ Attr Size(Byte) Date Time FileName Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 321: Installing A Patch

    Before installing a patch on the system, familiarize yourself with the applicable environment, complete the pre-configuration tasks, and obtain the required data. This can help you complete the configuration task quickly and accurately. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 322: Loading A Patch

    When the patch is loaded successfully, it's status is Deactive and keeps Deactive after the board is reset. 12.4.3 Activating a Patch A patch can be activated only when it is correctly loaded and is in the deactivated state. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 323: Running A Patch

    After patches on the active and standby MPUs are synchronized, the patches on the active and standby MPUs are the same. Context Do as follows on the router: Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 324: Checking The Configuration

    Total Patch Unit Running Patch Unit Active Patch Unit Deactive Patch Unit : 1 - 1 <HUAWEI>display patch-information configure-file Codes: M(Max patch ID in the board) ------------------------------------------------------------- Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 325 This slot does not need patch ----------The patch information of slot 33---------- Total Patch Unit Running Patch Unit Active Patch Unit : 1 - 1 Deactive Patch Unit Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 326 Pack file name cfcard:/patch.pat ----------The patch information of slot 3---------- This slot does not need patch ----------The patch information of slot 4---------- This slot does not need patch Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 327 ------------------------------------------------------- <HUAWEI>display patch-information configure-file next-startup Codes: M(Max patch ID in the board) ----------------------------------------- Slot Active Deactive NPPatch ----------------------------------------- idle idle -------------------------------------- Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 328: Optional) Unactivating The Activating Of Patch

    12.5.3 Checking the Configuration After a patch is deactivated, you can run the display command to check the patch status. Procedure Run: display patch-information Check the patch state. ----End Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 329: Configuration Examples Of The Patch Management

    12-3shows that some urgent bug occurs to the system software at the Provider Edge (PE) connected to the Internet. Huawei provides the patch file to remove the bug. The patch in this patch file must be installed to remove the bug.
  • Page 330 # Copy the patch file to the CF card on the slave MPU. <PE> copy cfcard:/patch.pat slave#cfcard:/ Copy cfcard:/patch.pat to slave#cfcard:/patch.pat?[Y/N]:y 100% complete Info:Copied file cfcard:/ patch.pat to slave#cfcard:/ patch.pat...Done Step 2 Load the patch. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 331 The hot patch information, as follows: ************************************************************************ Slot Type State Count ------------------------------------------------------------ Running ************************************************************************ The cold patch information, as follows: ************************************************************************ all slots do not need cold patch ----End Configuration Files None Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

  • Page 332: A Glossary

    IP address. Compared with the ACL, the black list can filter the packet at a high speed because its matching region is simple. It can shield the packet from the specified IP address. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 333 File Transfer Protocol. An application protocol in the TCP/IP stack, used for transferring files between remote hosts. FTP is implemented based on the file system. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 334 Configuration Guide - Basic Configurations A Glossary HGMPv2 Huawei Group Management Protocol Version 2. A protocol with which the discovery, topology collection, centralized management and remote maintenance are implemented on Layer 2 devices of a cluster that are connected with the router.
  • Page 335 239.255.255.255. Each multicast address represents a multicast group rather than a host. Neighbor Discovery Protocol. A protocol that is used to discover the information of the neighboring Huawei device that is connected with the local device. Network Management System. A system that sends various query packets and receives the response packet and trap packet from the managed devices and displays all the information.
  • Page 336 A flow control measure to shape the flow rate. It is often used to control the flow in regular amounts to ensure that the traffic is within the traffic stipulated for the downstream router and prevents unnecessary discard and congestion. Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 337 Versatile Routing Platform. A versatile routing operating system platform developed for all data communication products of Huawei. With the IP service as its core, the NE80E/40E adopts the componentized architecture. The NE80E/40E realizes rich functions and provides tailorability and scalability based on applications.

  • Page 338: B Acronyms And Abbreviations

    Advanced Encryption Standard ASPF Application Specific Packet Filter Auxiliary port Border Gateway Protocol Class-based Queue CHAP Challenge Handshake Authentication Protocol Custom Queuing CR-LDP Constraint-based Routing LDP Data Encryption Standard Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 339 International Telecommunication Union Telecommunications Standardization Sector L2TP Layer Two Tunneling Protocol LAPB Link Access Procedure Balanced Label Distribution Protocol Medium Access Control MBGP Multiprotocol Extensions for BGP-4 Multiple Frame Relay Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 340 Point-to-Point Protocol over Ethernet PPPoEoA PPPoE on AAL5 Priority Queuing Quality of Service RADIUS Remote Authentication Dial In User Service Routing Information Protocol Resilient Packet Ring RSVP Resource Reservation Protocol Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.
  • Page 341 Trivial File Transfer Protocol Virtual Private Network Versatile Routing Platform VRRP Virtual Router Redundancy Protocol Wide Area Network Weighted Fair Queuing WRED Weighted Random Early Detection X.25 Over TCP Issue 02 (2011-09-10) Huawei Proprietary and Confidential Copyright © Huawei Technologies Co., Ltd.

This manual is also suitable for:

Netengine40e

Table of Contents